We are happy to introduce cross-project network links between OpenStack and Kubernetes!
This feature provides an easy and free solution for our customers to share one or multiple networks between their OpenStack and Kubernetes projects.
We employ the native OpenStack RBAC feature to make this possible.
As a result, our customers can now establish local connections between their OpenStack servers and Kubernetes clusters.
How you can use it
You will need to have at least one OpenStack project and one Kubernetes project with at least one cluster. Alternatively, two OpenStack projects or two Kubernetes projects with different subnets will also work.
Once you are logged in to your NWS account, just navigate to either one of your OpenStack projects or one of your Kubernetes projects.
Next, click on “Networks” – this is a new section we added to the menu of the projects.
A list with all of the networks of the project will show up. Next to each of the networks you will find an action called “Manage network links“.
If you click on “Manage network links”, a popup window will show up containing a list of all the other networks that you have in your other Kubernetes and OpenStack projects.
The networks are grouped by the projects they belong to. For each network you now have an option to create a link, as seen in the screenshot. If you have chosen a network, which you would like to link to the current network, you just have to click on the “Create Link” button next to it.
Doing so will trigger a job which will be processed in the background. As one of the first steps, the job will check, if the selected networks are compatible with each other. Two networks are compatible, if they contain subnets with different subnet addresses. Furthermore, there must be a router in each of the projects, which has an interface on each of the networks.
Only, if both of those requirements are met, it will be possible to route between the networks and the job will start. Once it’s finished, you’ll get notified.
In case the requirements are not met you will get a notification telling you that the subnets are incompatible.
By default, our OpenStack and Kubernetes networks are compatible with each other. If you want to link Kubernetes with Kubernetes, then the only way to ensure compatibility is to supply a custom subnet address on creation to one of the clusters. For OpenStack to OpenStack you do not have the option (yet) to supply a custom subnet address to your default network on creation of the project. However, you can create your own custom networks with any subnet addresses and ensure compatibility that way.
Why should you use it?
Some might ask, why should one want to use this feature? Here is an example:
Let’s say, you have your application running on your Kubernetes cluster and you need to connect it to a database, which is running on a server in your OpenStack project. In that case you want to have a secure connection – a VPN comes to mind. Another approach would be a Database with a floating IP and security group rules.
But both of those options come with some tradeoffs: in case of the VPN, you have another point of failure and additional network overhead. And with a floating IP on your database you might not sleep so well, because of security concerns.
This new feature comes in handy, as the connections are not leaving our internal network infrastructure and traffic can flow locally between the projects and networks without additional overhead!
We already had some customers who were using this feature before the launch of the integration into NWS. In those cases one of our MyEngineers would configure the cross-connection manually for the customer.
But now it comes at no additional costs, because it does not require any action of one of our MyEngineers. Feel free to try it. Should you have any questions, don’t hesitate to send us a message or use our LiveChat on our website, which can be found in the bottom right corner.
0 Comments